Tuesday, March 31, 2009

While searching what others write about Information Cards I found this older presentation and want to share especially one slide with you: If you made OpenID phishing resistant then you have Microsoft CardSpace Geneva?! We need a secure (enough) UI for login and attribute sharing through OpenID, Information Cards and even username/password. I think that cards are a metaphore that users understand and what happens underneath the UI should not really concern the user. I don't want to remember an OpenID or a password, I want to choose a card and what happens under the hood... who cares?! Well, the server vendors care but not the user.Please join the discussion at the Information Card Foundation!

Last Saturday I attended the Mozilla Add-On Workshop in Berlin. It happened in the c-base which is a really cool location for this kind of events. Although the rooms are connected like pearls on a string which led to some traffic even during the sessions. Anyway it was a good event and I will go there again when it comes to Berlin again.Things that impressed me:

The new videocapabilities of Firefox 3.1 are astonishing. You can implement real-time image processing inside the browser to have blue-screen effects or to track people moving in front of the camera or <what-ever-you-can-think-of-on-doing-to-a-bitmap>.

DOM worker threads bring concurrency to javascript. This can be helpfull if you have a lengthy job to do but I fear that this can have astonishing effects.

The Mozilla Lab's projectweave has a new version. Try it. I think it should be easy to extend sharing bookmarks, open tabs, extension from machine to machine to Information Cards and Information Card stores too.

Things that need more work:

Mozilla's build system. This is a monster.

I tried to build Firefox with Windows SDK 2008 and the .NET 3.5 framework -> no fun

crypto support in Mozilla is poor. I need xmldsig, xmlsec and some "basic" digest and crypto (RSA-OAEP-MGF1P) in extensions.

Java access from javascript extensions seem to go down the drain unless mozilla and sun do something.

The following is the text from the slide: Re-registration of a car can prove a real headache. But the Fraunhofer Institute for Open Communication Systems FOKUS in Berlin has joined forces with the Bundesdruckerei to develop the prototype of an electronic automobile re-registration procedure that can be conveniently operated using the home computer.To use this simple procedure, however, the citizen first requires a safe means of identity in the digital world. He or she requires an electronic identity or ‘e-identity’ which needs to be created, administered and decommissioned.Across its life cycle the digital identity can be used for a wide variety of different transactions and activities – but always with the aim of proving the identity of the real individual in the virtual world. Users must be able to navigate in the digital world; they must reveal certain information about themselves – but not too much and certainly not to everybody. At the same time increasingly pervasive networking means that previously separate islands of identity have now to interact and cooperate.In the ‘Re-registration of an Vehicle’ scenario the car owner can use an electronic ID card as a means of identification of the type that will come into use in Germany in 2010. Using this card she logs onto a user-centric service – the scenario uses Windows’ CardSpace – which issues her with a ‘digital card’ or Information Card which she can use via an identity provider to safely authenticate herself on an vehicle portal. Using an electronic vehicle registration certificate – which could also become widely available in future – the car registration office can then read off the key data about the car via the internet and store the data that has been changed.The citizen then transfers the revised data to a future digital license tag.Please contact Jens Fromm from Fraunhofer Fokus for more information.